USNs for ubuntu 14.10

USN-2685-1: Linux kernel vulnerabilities

A flaw was discovered in the kvm (kernel virtual machine) subsystem’s kvm_apic_has_events function. A unprivileged local user could exploit this flaw to cause a denial of service (system crash). (CVE-2015-4692) A flaw was discovered in how the Linux kernel handles invalid UDP checksums. A remote attacker could exploit this flaw to cause a denial…

24 July 2015

USN-2676-1: NBD vulnerabilities

It was discovered that NBD incorrectly handled IP address matching. A remote attacker could use this issue with an IP address that has a partial match and bypass access restrictions. This issue only affected Ubuntu 12.04 LTS. (CVE-2013-6410) Tuomas Räsänen discovered that NBD incorrectly handled wrong export names and closed connections during…

22 July 2015

USN-2675-1: LXC vulnerabilities

Roman Fiedler discovered that LXC had a directory traversal flaw when creating lock files. A local attacker could exploit this flaw to create an arbitrary file as the root user. (CVE-2015-1331) Roman Fiedler discovered that LXC incorrectly trusted the container’s proc filesystem to set up AppArmor profile changes and SELinux domain transitions….

22 July 2015

USN-2674-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.44 in Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 14.10. Ubuntu 15.04 has been updated to MySQL 5.6.25. In addition to security fixes, the updated packages contain bug fixes, new features,…

21 July 2015

USN-2673-1: Thunderbird vulnerabilities

Karthikeyan Bhargavan discovered that NSS incorrectly handled state transitions for the TLS state machine. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to skip the ServerKeyExchange message and remove the forward-secrecy property. (CVE-2015-2721) Bob Clary, Christian Holler, Bobby Holley, and…

20 July 2015

USN-2656-1: Firefox vulnerabilities

Karthikeyan Bhargavan discovered that NSS incorrectly handled state transitions for the TLS state machine. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to skip the ServerKeyExchange message and remove the forward-secrecy property. (CVE-2015-2721) Looben Yan discovered 2 use-after-free issues…

9 July 2015

USN-2672-1: NSS vulnerabilities

Karthikeyan Bhargavan discovered that NSS incorrectly handled state transitions for the TLS state machine. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to skip the ServerKeyExchange message and remove the forward-secrecy property. (CVE-2015-2721) Watson Ladd discovered that NSS incorrectly…

9 July 2015

USN-2671-1: Django vulnerabilities

Eric Peterson and Lin Hua Cheng discovered that Django incorrectly handled session records. A remote attacker could use this issue to cause a denial of service. (CVE-2015-5143) Sjoerd Job Postmus discovered that DJango incorrectly handled newline characters when performing validation. A remote attacker could use this issue to perform header…

9 July 2015

USN-2670-1: libwmf vulnerabilities

Fernando Muñoz and Stefan Cornelius discovered that libwmf incorrectly handled certain malformed images. If a user or automated system were tricked into opening a crafted image file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program.

8 July 2015

USN-2669-1: Bind vulnerability

Breno Silveira Soares discovered that Bind incorrectly handled certain zone data when configured to perform DNSSEC validation. A remote attacker could use this issue with specially crafted zone data to cause Bind to crash, resulting in a denial of service.

7 July 2015

USN-2668-1: HAProxy vulnerability

It was discovered that HAProxy incorrectly handled certain buffers. A remote attacker could possibly use this issue to obtain sensitive information belonging to previous requests.

7 July 2015

USN-2666-1: Linux kernel vulnerabilities

A race condition was discovered in the Linux kernel’s file_handle size verification. A local user could exploit this flaw to read potentially sensative memory locations. (CVE-2015-1420) A underflow error was discovered in the Linux kernel’s Ozmo Devices USB over WiFi host controller driver. A remote attacker could exploit this flaw to cause a…

7 July 2015

USN-2658-1: PHP vulnerabilities

Neal Poole and Tomas Hoger discovered that PHP incorrectly handled NULL bytes in file paths. A remote attacker could possibly use this issue to bypass intended restrictions and create or obtain access to sensitive files. (CVE-2015-3411, CVE-2015-3412, CVE-2015-4025, CVE-2015-4026, CVE-2015-4598) Emmanuel Law discovered that the PHP phar extension…

6 July 2015

USN-2659-1: cups-filters vulnerabilities

Petr Sklenar discovered that the cups-filters texttopdf filter incorrectly handled line sizes. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code as the lp user. (CVE-2015-3258, CVE-2015-3279)

6 July 2015

USN-2652-1: Oxide vulnerabilities

It was discovered that Chromium did not properly consider the scheme when determining whether a URL is associated with a WebUI SiteInstance. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass security restrictions. (CVE-2015-1266) It was discovered that Blink did not properly…

30 June 2015

USN-2657-1: unattended-upgrades vulnerability

It was discovered that unattended-upgrades incorrectly performed authentication checks in certain configurations. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages.

29 June 2015

USN-2654-1: Tomcat vulnerabilities

It was discovered that the Tomcat XML parser incorrectly handled XML External Entities (XXE). A remote attacker could possibly use this issue to read arbitrary files. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-0119) It was discovered that Tomcat incorrectly handled data with malformed chunked transfer coding. A remote attacker could…

25 June 2015

USN-2653-1: Python vulnerabilities

It was discovered that multiple Python protocol libraries incorrectly limited certain data when connecting to servers. A malicious ftp, http, imap, nntp, pop or smtp server could use this issue to cause a denial of service. (CVE-2013-1752) It was discovered that the Python xmlrpc library did not limit unpacking gzip-compressed HTTP bodies. A…

25 June 2015

USN-2651-1: GNU patch vulnerabilities

Jakub Wilk discovered that GNU patch did not correctly handle file paths in patch files. An attacker could specially craft a patch file that could overwrite arbitrary files with the privileges of the user invoking the program. This issue only affected Ubuntu 12.04 LTS. (CVE-2010-4651) László Böszörményi discovered that GNU patch did not correctly…

22 June 2015

USN-2646-2: Linux kernel regression

The Fix for CVE-2015-1328 introduced a regression into the Linux kernel’s overlayfs file system. The removal of a directory that only exists on the lower layer results in a kernel panic. We apologize for the inconvenience. Original advisory details: Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user…

21 June 2015

USN-2650-1: wpa_supplicant and hostapd vulnerabilities

Kostya Kortchinsky discovered multiple flaws in wpa_supplicant and hostapd. A remote attacker could use these issues to cause wpa_supplicant or hostapd to crash, resulting in a denial of service. (CVE-2015-4141, CVE-2015-4142, CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146)

16 June 2015

USN-2649-1: devscripts vulnerability

It was discovered that the uupdate tool incorrectly handled symlinks. If a user or automated system were tricked into processing specially crafted files, a remote attacker could possibly replace arbitrary files, leading to a privilege escalation.

16 June 2015

USN-2648-1: Aptdaemon vulnerability

Tavis Ormandy discovered that Aptdeamon incorrectly handled the simulate dbus method. A local attacker could use this issue to possibly expose sensitive information, or perform other file access as the root user.

16 June 2015

USN-2646-1: Linux kernel vulnerability

Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system.

15 June 2015

USN-2639-1: OpenSSL vulnerabilities

Praveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered that OpenSSL incorrectly handled memory when buffering DTLS data. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-8176) Joseph Barr-Pixton discovered that OpenSSL incorrectly handled…

11 June 2015

USN-2637-1: Linux kernel vulnerabilities

Xiong Zhou discovered a bug in the way the EXT4 filesystem handles fallocate zero range functionality when the page size is greater than the block size. A local attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2015-0275) Wen Xu discovered a use-after-free flaw in the Linux kernel’s ipv4 ping support. A local user…

10 June 2015

USN-2630-1: QEMU vulnerabilities

Matt Tait discovered that QEMU incorrectly handled the virtual PCNET driver. A malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor…

10 June 2015

USN-2629-1: CUPS vulnerabilities

It was discovered that CUPS incorrectly handled reference counting when handling localized strings. A remote attacker could use this issue to escalate permissions, upload a replacement CUPS configuration file, and execute arbitrary code. (CVE-2015-1158) It was discovered that the CUPS templating engine contained a cross-site scripting issue. A…

10 June 2015

USN-2628-1: strongSwan vulnerability

Alexander E. Patrakov discovered that strongSwan incorrectly handled certain IKEv2 setups. A malicious server could possibly use this issue to obtain user credentials.

8 June 2015

USN-2627-1: t1utils vulnerability

Jakub Wilk discovered that t1utils incorrectly handled certain malformed fonts. If a user or automated system were tricked into opening a specially crafted font, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.

3 June 2015

USN-2626-1: Qt vulnerabilities

Wolfgang Schenk discovered that Qt incorrectly handled certain malformed GIF images. If a user or automated system were tricked into opening a specially crafted GIF image, a remote attacker could use this issue to cause Qt to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS….

3 June 2015

USN-2624-1: OpenSSL update

As a security improvement, this update removes the export cipher suites from the default cipher list to prevent their use in possible downgrade attacks.

1 June 2015

USN-2622-1: OpenLDAP vulnerabilities

It was discovered that OpenLDAP incorrectly handled certain search queries that returned empty attributes. A remote attacker could use this issue to cause OpenLDAP to assert, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-1164) Michael Vishchers discovered that OpenLDAP improperly counted references when…

26 May 2015

USN-2621-1: PostgreSQL vulnerabilities

Benkocs Norbert Attila discovered that PostgreSQL incorrectly handled authentication timeouts. A remote attacker could use this flaw to cause the unauthenticated session to crash, possibly leading to a security issue. (CVE-2015-3165) Noah Misch discovered that PostgreSQL incorrectly handled certain standard library function return values,…

25 May 2015

USN-2618-1: python-dbusmock vulnerability

It was discovered that python-dbusmock incorrectly handled template loading from shared directories. A local attacker could possibly use this issue to execute arbitrary code.

21 May 2015

USN-2609-1: Apport vulnerabilities

Sander Bos discovered that Apport incorrectly handled permissions when the system was configured to generate core dumps for setuid binaries. A local attacker could use this issue to gain elevated privileges. (CVE-2015-1324) Philip Pettersson discovered that Apport contained race conditions resulting core dumps to be generated with incorrect…

21 May 2015

USN-2617-1: FUSE vulnerability

Tavis Ormandy discovered that FUSE incorrectly filtered environment variables. A local attacker could use this issue to gain administrative privileges.

21 May 2015

USN-2610-1: Oxide vulnerabilities

Several security issues were discovered in the DOM implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to bypass Same Origin Policy restrictions. (CVE-2015-1253, CVE-2015-1254) A use-after-free was discovered in the WebAudio implementation in Chromium. If a user…

21 May 2015

USN-2616-1: Linux kernel vulnerabilities

Alexandre Oliva reported a race condition flaw in the btrfs file system’s handling of extended attributes (xattrs). A local attacker could exploit this flaw to bypass ACLs and potentially escalate privileges. (CVE-2014-9710) A memory corruption issue was discovered in AES decryption when using the Intel AES-NI accelerated code path. A remote…

20 May 2015

USN-2603-1: Thunderbird vulnerabilities

Jesse Ruderman, Mats Palmgren, Byron Campen, and Steve Fink discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges…

18 May 2015

USN-2602-1: Firefox vulnerabilities

Jesse Ruderman, Mats Palmgren, Byron Campen, Steve Fink, Gary Kwong, Andrew McCreight, Christian Holler, Jon Coppeard, and Milan Sreckovic discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via…

13 May 2015

USN-2608-1: QEMU vulnerabilities

Jason Geffner discovered that QEMU incorrectly handled the virtual floppy driver. This issue is known as VENOM. A malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be…

13 May 2015

USN-2607-1: Module::Signature vulnerabilities

John Lightsey discovered that Module::Signature incorrectly handled PGP signature boundaries. A remote attacker could use this issue to trick Module::Signature into parsing the unsigned portion of the SIGNATURE file as the signed portion. (CVE-2015-3406) John Lightsey discovered that Module::Signature incorrectly handled files that were not…

12 May 2015

USN-2605-1: ICU vulnerabilities

Pedro Ribeiro discovered that ICU incorrectly handled certain memory operations when processing data. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program.

11 May 2015

USN-2604-1: Libtasn1 vulnerability

Hanno Böck discovered that Libtasn1 incorrectly handled certain ASN.1 data. A remote attacker could possibly exploit this with specially crafted ASN.1 data and cause applications using Libtasn1 to crash, resulting in a denial of service, or possibly execute arbitrary code.

11 May 2015

USN-2600-2: Linux kernel regression

USN-2600-1 fixed vulnerabilities in the Linux kernel, however an unrelated regression in the auditing of some path names was introduced. Due to the regression the system could crash under certain conditions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: A race condition between chown() and…

9 May 2015

USN-2582-1: Oxide vulnerabilities

A use-after-free was discovered in the DOM implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2015-1243) Multiple security issues…

6 May 2015

USN-2600-1: Linux kernel vulnerability

A race condition between chown() and execve() was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges.

5 May 2015

USN-2595-1: ppp vulnerability

It was discovered that ppp incorrectly handled large PIDs. When pppd is used with a RADIUS server, a remote attacker could use this issue to cause it to crash, resulting in a denial of service.

5 May 2015

USN-2594-1: ClamAV vulnerabilities

It was discovered that ClamAV incorrectly handled certain malformed files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation, attackers would be isolated by the ClamAV AppArmor profile.

5 May 2015

USN-2593-1: Dnsmasq vulnerability

Nick Sampanis discovered that Dnsmasq incorrectly handled certain malformed DNS requests. A remote attacker could use this issue to cause Dnsmasq to crash, resulting in a denial of service, or possibly obtain sensitive information.

4 May 2015

USN-2592-1: XML::LibXML vulnerability

Tilmann Haak discovered that XML::LibXML incorrectly handled the expand_entities parameter in certain situations. A remote attacker could possibly use this issue to access sensitive information.

4 May 2015

USN-2591-1: curl vulnerabilities

Paras Sethia discovered that curl could incorrectly re-use NTLM HTTP credentials when subsequently connecting to the same host over HTTP. (CVE-2015-3143) Hanno Böck discovered that curl incorrectly handled zero-length host names. If a user or automated system were tricked into using a specially crafted host name, an attacker could possibly use…

30 April 2015

USN-2590-1: Linux kernel vulnerabilities

Jan Beulich discovered the Xen virtual machine subsystem of the Linux kernel did not properly restrict access to PCI command registers. A local guest user could exploit this flaw to cause a denial of service (host crash). (CVE-2015-2150) A stack overflow was discovered in the the microcode loader for the intel x86 platform. A local attacker could…

30 April 2015

USN-2581-1: NetworkManager vulnerability

Tavis Ormandy discovered that NetworkManager incorrectly filtered paths when requested to read modem device contexts. A local attacker could possibly use this issue to bypass privileges and manipulate modem device configuration or read arbitrary files.

28 April 2015

USN-2570-1: Oxide vulnerabilities

An issue was discovered in the HTML parser in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2015-1235) An issue was discovered in the Web Audio API implementation in Blink. If a user were tricked in to opening a specially crafted…

27 April 2015

USN-2580-1: tcpdump vulnerabilities

It was discovered that tcpdump incorrectly handled printing certain packets. A remote attacker could use this issue to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation, attackers would be isolated by the tcpdump AppArmor profile.

27 April 2015

USN-2579-1: autofs vulnerability

It was discovered that autofs incorrectly filtered environment variables when using program maps. When program maps were configured, a local user could use this issue to escalate privileges. This update changes the default behaviour by adding a prefix to environment variables. Sites using program maps will need to adapt to the new variable names,…

27 April 2015

USN-2578-1: LibreOffice vulnerabilities

Alexander Cherepanov discovered that LibreOffice incorrectly handled certain RTF files. If a user were tricked into opening a specially crafted RTF document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code. (CVE-2014-9093) It was discovered that LibreOffice incorrectly handled certain HWP files. If a user…

27 April 2015

USN-2571-1: Firefox vulnerability

Robert Kaiser discovered a use-after-free during plugin initialization in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2706)

24 April 2015

USN-2577-1: wpa_supplicant vulnerability

It was discovered that wpa_supplicant incorrectly handled SSID information when creating or updating P2P peer entries. A remote attacker could use this issue to cause wpa_supplicant to crash, resulting in a denial of service, expose memory contents, or possibly execute arbitrary code.

23 April 2015

USN-2576-1: usb-creator vulnerability

Tavis Ormandy discovered that usb-creator was missing an authentication check. A local attacker could use this issue to gain elevated privileges.

23 April 2015

USN-2575-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. MySQL has been updated to 5.5.43. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more…

21 April 2015

USN-2574-1: OpenJDK 7 vulnerabilities

Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2015-0460, CVE-2015-0469) Alexander Cherepanov discovered that OpenJDK JRE was vulnerable to directory traversal…

21 April 2015

USN-2572-1: PHP vulnerabilities

It was discovered that PHP incorrectly handled cleanup when used with Apache 2.4. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-3330) It was discovered that PHP incorrectly handled opening tar, zip or phar archives through the PHAR extension. A remote…

20 April 2015

USN-2569-2: Apport vulnerability

USN-2569-1 fixed a vulnerability in Apport. Tavis Ormandy discovered that the fixed packages were still vulnerable to a privilege escalation attack. This update completely disables crash report handling for containers until a more complete solution is available. Original advisory details: Stéphane Graber and Tavis Ormandy independently…

16 April 2015

USN-2569-1: Apport vulnerability

Stéphane Graber and Tavis Ormandy independently discovered that Apport incorrectly handled the crash reporting feature. A local attacker could use this issue to gain elevated privileges.

14 April 2015

USN-2568-1: libx11, libxrender vulnerability

Abhishek Arya discovered that libX11 incorrectly handled memory in the MakeBigReq macro. A remote attacker could use this issue to cause applications to crash, resulting in a denial of service, or possibly execute arbitrary code. In addition, following the macro fix in libx11, a number of other packages have also been rebuilt as security updates…

13 April 2015

USN-2567-1: NTP vulnerabilities

Miroslav Lichvar discovered that NTP incorrectly validated MAC fields. A remote attacker could possibly use this issue to bypass authentication and spoof packets. (CVE-2015-1798) Miroslav Lichvar discovered that NTP incorrectly handled certain invalid packets. A remote attacker could possibly use this issue to cause a denial of service….

13 April 2015

USN-2566-1: dpkg vulnerability

Jann Horn discovered that dpkg incorrectly validated signatures when extracting local source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could bypass signature verification checks.

9 April 2015

USN-2565-1: Linux kernel vulnerabilities

An integer overflow was discovered in the stack randomization feature of the Linux kernel on 64 bit platforms. A local attacker could exploit this flaw to bypass the Address Space Layout Randomization (ASLR) protection mechanism. (CVE-2015-1593) An information leak was discovered in the Linux Kernel’s handling of userspace configuration of the…

9 April 2015

USN-2559-1: Libtasn1 vulnerability

Hanno Böck discovered that Libtasn1 incorrectly handled certain ASN.1 data. A remote attacker could possibly exploit this with specially crafted ASN.1 data and cause applications using Libtasn1 to crash, resulting in a denial of service, or possibly execute arbitrary code.

8 April 2015

USN-2558-1: Mailman vulnerability

It was discovered that Mailman incorrectly handled special characters in list names. A local attacker could use this issue to perform a path traversal attack and execute arbitrary code as the Mailman user.

7 April 2015

USN-2556-1: Oxide vulnerabilities

It was discovered that Chromium did not properly handle the interaction of IPC, the gamepad API and V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-1233) A buffer overflow was discovered in the…

7 April 2015

USN-2557-1: Firefox vulnerability

Muneaki Nishimura discovered a flaw in Mozilla’s HTTP Alternative Services implementation which meant SSL certificate verification could be bypassed in some circumstances. A remote attacker could potentially exploit this to conduct a man in the middle attack. (CVE-2015-0799)

7 April 2015

USN-2552-1: Thunderbird vulnerabilities

Olli Pettay and Boris Zbarsky discovered an issue during anchor navigations in some circumstances. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to bypass same-origin policy restrictions. (CVE-2015-0801) Christoph Kerschbaumer discovered that CORS requests…

2 April 2015

USN-2553-2: LibTIFF regression

USN-2553-1 fixed vulnerabilities in LibTIFF. One of the security fixes caused a regression when saving certain TIFF files with a Predictor tag. The problematic patch has been temporarily backed out until a more complete fix is available. We apologize for the inconvenience. Original advisory details: William Robinet discovered that LibTIFF…

1 April 2015

USN-2550-1: Firefox vulnerabilities

Olli Pettay and Boris Zbarsky discovered an issue during anchor navigations in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin policy restrictions. (CVE-2015-0801) Bobby Holley discovered that windows created to hold privileged UI…

1 April 2015

USN-2555-1: Libgcrypt vulnerabilities

Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran Tromer discovered that Libgcrypt was susceptible to an attack via physical side channels. A local attacker could use this attack to possibly recover private keys. (CVE-2014-3591) Daniel Genkin, Adi Shamir, and Eran Tromer discovered that Libgcrypt was susceptible to an attack via physical side…

1 April 2015

USN-2554-1: GnuPG vulnerabilities

Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran Tromer discovered that GnuPG was susceptible to an attack via physical side channels. A local attacker could use this attack to possibly recover private keys. (CVE-2014-3591) Daniel Genkin, Adi Shamir, and Eran Tromer discovered that GnuPG was susceptible to an attack via physical side…

1 April 2015

USN-2553-1: LibTIFF vulnerabilities

William Robinet discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. (CVE-2014-8127, CVE-2014-8128,…

31 March 2015

USN-2551-1: Apache Standard Taglibs vulnerability

David Jorm discovered that the Apache Standard Taglibs incorrectly handled external XML entities. A remote attacker could possibly use this issue to execute arbitrary code or perform other external XML entity attacks.

30 March 2015

USN-2549-1: libarchive vulnerabilities

It was discovered that the libarchive bsdcpio utility extracted absolute paths by default without using the –insecure flag, contrary to expectations. If a user or automated system were tricked into extracting cpio archives containing absolute paths, a remote attacker may be able to write to arbitrary files. (CVE-2015-2304) Fabian Yamaguchi…

25 March 2015

USN-2548-1: Batik vulnerability

Nicolas Gregoire and Kevin Schaller discovered that Batik would load XML external entities by default. If a user or automated system were tricked into opening a specially crafted SVG file, an attacker could possibly obtain access to arbitrary files or cause resource consumption.

25 March 2015

USN-2547-1: Mono vulnerabilities

It was discovered that the Mono TLS implementation was vulnerable to the SKIP-TLS vulnerability. A remote attacker could possibly use this issue to perform client impersonation attacks. (CVE-2015-2318) It was discovered that the Mono TLS implementation was vulnerable to the FREAK vulnerability. A remote attacker or a man in the middle…

24 March 2015

USN-2546-1: Linux kernel vulnerabilities

A flaw was discovered in the automatic loading of modules in the crypto subsystem of the Linux kernel. A local user could exploit this flaw to load installed kernel modules, increasing the attack surface and potentially using this to gain administrative privileges. (CVE-2013-7421) A flaw was discovered in the crypto subsystem when screening…

24 March 2015

USN-2540-1: GnuTLS vulnerabilities

It was discovered that GnuTLS did not perform date and time checks on CA certificates, contrary to expectations. This issue only affected Ubuntu 10.04 LTS. (CVE-2014-8155) Nikos Mavrogiannopoulos discovered that GnuTLS incorrectly verified that signature algorithms matched. A remote attacker could possibly use this issue to downgrade to a…

23 March 2015

USN-2539-1: Django vulnerabilities

Andrey Babak discovered that Django incorrectly handled strip_tags. A remote attacker could possibly use this issue to cause Django to enter an infinite loop, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-2316) Daniel Chatfield discovered that Django incorrectly handled…

23 March 2015

USN-2538-1: Firefox vulnerabilities

A flaw was discovered in the implementation of typed array bounds checking in the Javascript just-in-time compilation. If a user were tricked in to opening a specially crafted website, an attacked could exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-0817) Mariusz Mlynski discovered a flaw in the…

22 March 2015

USN-2537-1: OpenSSL vulnerabilities

It was discovered that OpenSSL incorrectly handled malformed EC private key files. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service, or execute arbitrary code. (CVE-2015-0209) Stephen Henson discovered that OpenSSL incorrectly handled comparing ASN.1 boolean types. A remote attacker could…

19 March 2015

USN-2536-1: libXfont vulnerabilities

Ilja van Sprundel, Alan Coopersmith, and William Robinet discovered that libXfont incorrectly handled malformed bdf fonts. A local attacker could use this issue to cause libXfont to crash, or possibly execute arbitrary code in order to gain privileges.

18 March 2015

USN-2535-1: PHP vulnerabilities

Thomas Jarosch discovered that PHP incorrectly limited recursion in the fileinfo extension. A remote attacker could possibly use this issue to cause PHP to consume resources or crash, resulting in a denial of service. (CVE-2014-8117) S. Paraschoudis discovered that PHP incorrectly handled memory in the enchant binding. A remote attacker could use…

18 March 2015

USN-2532-1: cups-filters vulnerability

It was discovered that cups-browsed incorrectly filtered remote printer names and strings. A remote attacker could use this issue to possibly execute arbitrary commands.

16 March 2015

USN-2533-1: Sudo vulnerability

Jakub Wilk and Stephane Chazelas discovered that Sudo incorrectly handled the TZ environment variable. An attacker with Sudo access could possibly use this issue to open arbitrary files, bypassing intended permissions.

16 March 2015

USN-2531-1: Requests vulnerability

Matthew Daley discovered that Requests incorrectly handled cookies without host values when being redirected. A remote attacker could possibly use this issue to perform session fixation or cookie stealing attacks.

16 March 2015

USN-2530-1: Linux kernel vulnerability

It was discovered that the Linux kernel’s Infiniband subsystem did not properly sanitize its input parameters while registering memory regions from userspace. A local user could exploit this flaw to cause a denial of service (system crash) or to potentially gain administrative privileges.

12 March 2015

USN-2524-1: eCryptfs vulnerability

Sylvain Pelissier discovered that eCryptfs did not generate a random salt when encrypting the mount passphrase with the login password. An attacker could use this issue to discover the login password used to protect the mount passphrase and gain unintended access to the encrypted files.

11 March 2015

USN-2521-1: Oxide vulnerabilities

Several out-of-bounds write bugs were discovered in Skia. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-1213, CVE-2015-1214, CVE-2015-1215) A…

10 March 2015

USN-2523-1: Apache HTTP Server vulnerabilities

Martin Holst Swende discovered that the mod_headers module allowed HTTP trailers to replace HTTP headers during request processing. A remote attacker could possibly use this issue to bypass RequestHeaders directives. (CVE-2013-5704) Mark Montague discovered that the mod_cache module incorrectly handled empty HTTP Content-Type headers. A remote…

10 March 2015

USN-2505-2: Firefox regression

USN-2505-1 fixed vulnerabilities in Firefox. This update removed the deprecated “-remote” command-line switch that some older software still depends on. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Matthew Noorenberghe discovered that whitelisted Mozilla domains could make UITour API calls from…

9 March 2015

USN-2522-1: ICU vulnerabilities

It was discovered that ICU incorrectly handled memory operations when processing fonts. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 12.04 LTS. (CVE-2013-1569, CVE-2013-2383,…

5 March 2015

USN-2506-1: Thunderbird vulnerabilities

Armin Razmdjou discovered that contents of locally readable files could be made available via manipulation of form autocomplete in some circumstances. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to obtain sensitive information. (CVE-2015-0822) Abhishek Arya…

3 March 2015

USN-2520-1: CUPS vulnerability

Peter De Wachter discovered that CUPS incorrectly handled certain malformed compressed raster files. A remote attacker could use this issue to cause CUPS to crash, resulting in a denial of service, or possibly execute arbitrary code.

26 February 2015

USN-2519-1: GNU C Library vulnerabilities

Arnaud Le Blanc discovered that the GNU C Library incorrectly handled file descriptors when resolving DNS queries under high load. This may cause a denial of service in other applications, or an information leak. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2013-7423) It was discovered that the GNU C…

26 February 2015

USN-2518-1: Linux kernel vulnerabilities

A flaw was discovered in the Kernel Virtual Machine’s (KVM) emulation of the SYSTENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS (crash) or potentially gain privileges on the guest OS. (CVE-2015-0239) Andy Lutomirski discovered an…

26 February 2015

USN-2505-1: Firefox vulnerabilities

Matthew Noorenberghe discovered that whitelisted Mozilla domains could make UITour API calls from background tabs. If one of these domains were compromised and open in a background tab, an attacker could potentially exploit this to conduct clickjacking attacks. (CVE-2015-0819) Jan de Mooij discovered an issue that affects content using the…

25 February 2015

USN-2510-1: FreeType vulnerabilities

Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges.

24 February 2015

USN-2509-1: ca-certificates update

The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 20141019 package.

23 February 2015

USN-2508-1: Samba vulnerability

Richard van Eeden discovered that the Samba smbd file services incorrectly handled memory. A remote attacker could use this issue to possibly execute arbitrary code with root privileges.

23 February 2015

USN-2507-1: e2fsprogs vulnerabilities

Jose Duart discovered that e2fsprogs incorrectly handled invalid block group descriptor data. A local attacker could use this issue with a crafted filesystem image to possibly execute arbitrary code. (CVE-2015-0247, CVE-2015-1572)

23 February 2015

USN-2504-1: NSS update

The NSS package contained outdated CA certificates. This update refreshes the NSS package to version 3.17.4 which includes the latest CA certificate bundle.

19 February 2015

USN-2503-1: Bind vulnerability

Jan-Piet Mens discovered that Bind incorrectly handled Trust Anchor Management. A remote attacker could use this issue to cause bind to crash, resulting in a denial of service.

18 February 2015

USN-2502-1: unzip vulnerabilities

William Robinet discovered that unzip incorrectly handled certain malformed zip archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly execute arbitrary code.

17 February 2015

USN-2501-1: PHP vulnerabilities

Stefan Esser discovered that PHP incorrectly handled unserializing objects. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-8142, CVE-2015-0231) Brian Carpenter discovered that the PHP CGI component incorrectly handled invalid files. A local attacker…

17 February 2015

USN-2500-1: X.Org X server vulnerabilities

Olivier Fourdan discovered that the X.Org X server incorrectly handled XkbSetGeometry requests resulting in an information leak. An attacker able to connect to an X server, either locally or remotely, could use this issue to possibly obtain sensitive information. (CVE-2015-0255) It was discovered that the X.Org X server incorrectly handled…

17 February 2015

USN-2499-1: PostgreSQL vulnerabilities

Stephen Frost discovered that PostgreSQL incorrectly displayed certain values in error messages. An authenticated user could gain access to seeing certain values, contrary to expected permissions. (CVE-2014-8161) Andres Freund, Peter Geoghegan and Noah Misch discovered that PostgreSQL incorrectly handled buffers in to_char functions. An…

11 February 2015

USN-2498-1: Kerberos vulnerabilities

It was discovered that Kerberos incorrectly sent old keys in response to a -randkey -keepold request. An authenticated remote attacker could use this issue to forge tickets by leveraging administrative access. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-5351) It was discovered that the…

10 February 2015

USN-2495-1: Oxide vulnerabilities

A use-after-free bug was discovered in the DOM implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2015-1209) It was discovered that…

10 February 2015

USN-2496-1: GNU binutils vulnerabilities

Michal Zalewski discovered that the setup_group function in libbfd in GNU binutils did not properly check group headers in ELF files. An attacker could use this to craft input that could cause a denial of service (application crash) or possibly execute arbitrary code. (CVE-2014-8485) Hanno Böck discovered that the _bfd_XXi_swap_aouthdr_in…

9 February 2015

USN-2497-1: NTP vulnerabilities

Stephen Roettger, Sebastian Krahmer, and Harlan Stenn discovered that NTP incorrectly handled the length value in extension fields. A remote attacker could use this issue to possibly obtain leaked information, or cause the NTP daemon to crash, resulting in a denial of service. (CVE-2014-9297) Stephen Roettger discovered that NTP incorrectly…

9 February 2015

USN-2494-1: file vulnerabilities

Francisco Alonso discovered that file incorrectly handled certain ELF files. An attacker could use this issue to cause file to crash, resulting in a denial of service. (CVE-2014-3710) Thomas Jarosch discovered that file incorrectly handled certain ELF files. An attacker could use this issue to cause file to hang or crash, resulting in a denial of…

4 February 2015

USN-2489-1: unzip vulnerability

Michal Zalewski discovered that unzip incorrectly handled certain malformed zip archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly execute arbitrary code.

3 February 2015

USN-2488-1: ClamAV vulnerability

Sebastian Andrzej Siewior discovered that ClamAV incorrectly handled certain upack packer files. An attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code.

2 February 2015

USN-2487-1: OpenJDK 7 vulnerabilities

Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2014-3566, CVE-2014-6587, CVE-2014-6601, CVE-2015-0395, CVE-2015-0408, CVE-2015-0412) Several vulnerabilities…

28 January 2015

USN-2458-3: Firefox regression

USN-2458-1 fixed vulnerabilities in Firefox. This update introduced a regression which could make websites that use CSP fail to load under some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Christian Holler, Patrick McManus, Christoph Diehl, Gary Kwong, Jesse Ruderman, Byron…

27 January 2015

USN-2476-1: Oxide vulnerabilities

Several memory corruption bugs were discovered in ICU. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-7923, CVE-2014-7926) A use-after-free was…

26 January 2015

USN-2484-1: Unbound vulnerability

Florian Maury discovered that Unbound incorrectly handled delegation. A remote attacker could possibly use this issue to cause Unbound to consume resources, resulting in a denial of service.

26 January 2015

USN-2483-1: JasPer vulnerabilities

Jose Duart discovered that JasPer incorrectly handled ICC color profiles in JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user privileges. (CVE-2014-8137) Jose Duart discovered that JasPer incorrectly…

26 January 2015

USN-2482-1: elfutils vulnerability

Alexander Cherepanov discovered that libelf1 incorrectly handled certain filesystem paths while extracting ar archives. An attacker could use this flaw to perform a directory traversal attack on the root directory if the process extracting the ar archive has write access to the root directory.

23 January 2015

USN-2481-1: Samba vulnerability

Andrew Bartlett discovered that Samba incorrectly handled delegation of authority when being used as an Active Directory Domain Controller. An attacker given delegation privileges could use this issue to escalate their privileges further.

22 January 2015

USN-2480-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. MySQL has been updated to 5.5.41. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more…

22 January 2015

USN-2460-1: Thunderbird vulnerabilities

Christian Holler and Patrick McManus discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user…

19 January 2015

USN-2479-1: RPM vulnerabilities

Florian Weimer discovered that RPM incorrectly handled temporary files. A local attacker could use this issue to execute arbitrary code. (CVE-2013-6435) Florian Weimer discovered that RPM incorrectly handled certain CPIO headers. If a user or automated system were tricked into installing a malicious package file, a remote attacker could use this…

19 January 2015

USN-2478-1: libssh vulnerability

It was discovered that libssh incorrectly handled certain kexinit packets. A remote attacker could possibly use this issue to cause libssh to crash, resulting in a denial of service.

19 January 2015

USN-2477-1: libevent vulnerability

Andrew Bartlett discovered that libevent incorrectly handled large inputs to the evbuffer API. A remote attacker could possibly use this issue with an application that uses libevent to cause a denial of service, or possibly execute arbitrary code.

19 January 2015

USN-2474-1: curl vulnerability

Andrey Labunets discovered that curl incorrectly handled certain URLs when using a proxy server. If a user or automated system were tricked into using a specially crafted URL, an attacker could possibly use this issue to inject arbitrary HTTP requests.

15 January 2015

USN-2458-2: Ubufox update

USN-2458-1 fixed vulnerabilities in Firefox. This update provides the corresponding version of Ubufox. Original advisory details: Christian Holler, Patrick McManus, Christoph Diehl, Gary Kwong, Jesse Ruderman, Byron Campen, Terrence Cole, and Nils Ohlmeier discovered multiple memory safety issues in Firefox. If a user were tricked in to …

14 January 2015

USN-2458-1: Firefox vulnerabilities

Christian Holler, Patrick McManus, Christoph Diehl, Gary Kwong, Jesse Ruderman, Byron Campen, Terrence Cole, and Nils Ohlmeier discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or…

14 January 2015

USN-2472-1: unzip vulnerabilities

Wolfgang Ettlinger discovered that unzip incorrectly handled certain malformed zip archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly execute arbitrary code.

14 January 2015

USN-2470-1: Git vulnerability

Matt Mackall and Augie Fackler discovered that Git incorrectly handled certain filesystem paths. A remote attacker could possibly use this issue to execute arbitrary code if the Git tree is stored in an HFS+ or NTFS filesystem. The remote attacker would need write access to a Git repository that the victim pulls from.

14 January 2015

USN-2469-1: Django vulnerabilities

Jedediah Smith discovered that Django incorrectly handled underscores in WSGI headers. A remote attacker could possibly use this issue to spoof headers in certain environments. (CVE-2015-0219) Mikko Ohtamaa discovered that Django incorrectly handled user-supplied redirect URLs. A remote attacker could possibly use this issue to perform…

13 January 2015

USN-2468-1: Linux kernel vulnerabilities

A null pointer dereference flaw was discovered in the the Linux kernel’s SCTP implementation when ASCONF is used. A remote attacker could exploit this flaw to cause a denial of service (system crash) via a malformed INIT chunk. (CVE-2014-7841) A race condition with MMIO and PIO transactions in the KVM (Kernel Virtual Machine) subsystem of the…

13 January 2015

USN-2461-2: libyaml-libyaml-perl vulnerability

Stanisław Pitucha and Jonathan Gray discovered that libyaml-libyaml-perl did not properly handle wrapped strings. An attacker could create specially crafted YAML data to trigger an assert, causing a denial of service.

12 January 2015

USN-2461-1: LibYAML vulnerability

Stanisław Pitucha and Jonathan Gray discovered that LibYAML did not properly handle wrapped strings. An attacker could create specially crafted YAML data to trigger an assert, causing a denial of service.

12 January 2015

USN-2461-3: PyYAML vulnerability

Stanisław Pitucha and Jonathan Gray discovered that PyYAML did not properly handle wrapped strings. An attacker could create specially crafted YAML data to trigger an assert, causing a denial of service.

12 January 2015

USN-2459-1: OpenSSL vulnerabilities

Pieter Wuille discovered that OpenSSL incorrectly handled Bignum squaring. (CVE-2014-3570) Markus Stenberg discovered that OpenSSL incorrectly handled certain crafted DTLS messages. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2014-3571) Karthikeyan Bhargavan discovered that OpenSSL…

12 January 2015

USN-2456-1: GNU cpio vulnerabilities

Michal Zalewski discovered an out of bounds write issue in the process_copy_in function of GNU cpio. An attacker could specially craft a cpio archive that could create a denial of service or possibly execute arbitrary code. (CVE-2014-9112) Jakob Lell discovered a heap-based buffer overflow in the rmt_read__ function of GNU cpio’s rmt client…

8 January 2015

USN-2455-1: bsd-mailx vulnerability

It was discovered that bsd-mailx contained a feature that allowed syntactically valid email addresses to be treated as shell commands. A remote attacker could possibly use this issue with a valid email address to execute arbitrary commands. This functionality has now been disabled by default, and can be re-enabled with the “expandaddr”…

7 January 2015

USN-2454-1: Exiv2 vulnerability

It was discovered that Exiv2 incorrectly handled certain tag values in video files. If a user or automated system were tricked into opening a specially-crafted video file, a remote attacker could cause Exiv2 to crash, resulting in a denial of service.

7 January 2015

USN-2453-1: mime-support vulnerability

Timothy D. Morgan discovered that the run-mailcap tool incorrectly filtered certain shell metacharacters in filenames. If a user or automated system were tricked into opening a file with a specially-crafted filename, a remote attacker could possibly execute arbitrary code.

7 January 2015

USN-2452-1: NSS vulnerability

It was discovered that NSS incorrectly handled certain ASN.1 lengths. A remote attacker could possibly use this issue to perform a data-smuggling attack.

7 January 2015

USN-2451-1: cgmanager vulnerability

Serge Hallyn discovered that cgmanager did not consistently enforce proper nesting when modifying cgroup properties. A local attacker in a privileged container could use this to set cgroup values for all cgroups.

6 January 2015

USN-2450-1: strongSwan vulnerability

Mike Daskalakis discovered that strongSwan incorrectly handled IKEv2 payloads that contained the Diffie-Hellman group 1025. A remote attacker could use this issue to cause the IKE daemon to crash, resulting in a denial of service.

5 January 2015

USN-2449-1: NTP vulnerabilities

Neel Mehta discovered that NTP generated weak authentication keys. A remote attacker could possibly use this issue to brute force the authentication key and send requests if permitted by IP restrictions. (CVE-2014-9293) Stephen Roettger discovered that NTP generated weak MD5 keys. A remote attacker could possibly use this issue to brute force the…

22 December 2014

USN-2448-2: Linux kernel regression

USN-2448-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated regression TCP Throughput drops to zero for several drivers after upgrading. This update fixes the problem. We apologize for the inconvenience. Original advisory details: An information leak in the Linux kernel was discovered that could leak the high 16 bits of the…

19 December 2014

USN-2448-1: Linux kernel vulnerabilities

Andy Lutomirski discovered that the Linux kernel does not properly handle faults associated with the Stack Segment (SS) register in the x86 architecture. A local attacker could exploit this flaw to gain administrative privileges. (CVE-2014-9322) An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel…

12 December 2014

USN-2440-1: Mutt vulnerability

Jakub Wilk discovered that the write_one_header function in mutt did not properly handle newline characters at the beginning of a header. An attacker could specially craft an email to cause mutt to crash, resulting in a denial of service.

11 December 2014

USN-2439-1: QEMU vulnerabilities

Michael S. Tsirkin discovered that QEMU incorrectly handled certain parameters during ram load while performing a migration. An attacker able to manipulate savevm data could use this issue to possibly execute arbitrary code on the host. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 14.10. (CVE-2014-7840) Paolo Bonzini…

11 December 2014

USN-2438-1: NVIDIA graphics drivers vulnerabilities

It was discovered that the NVIDIA graphics drivers incorrectly handled GLX indirect rendering support. An attacker able to connect to an X server, either locally or remotely, could use these issues to cause the X server to crash or execute arbitrary code resulting in possible privilege escalation.

10 December 2014

USN-2436-2: X.Org X server vulnerabilities

USN-2436-1 fixed vulnerabilities in the X.Org X server. Since publication, additional fixes have been made available for these issues. This update adds the additional fixes. Original advisory details: Ilja van Sprundel discovered a multitude of security issues in the X.Org X server. An attacker able to connect to an X server, either locally…

10 December 2014

USN-2437-1: Bind vulnerability

Florian Maury discovered that Bind incorrectly handled delegation. A remote attacker could possibly use this issue to cause Bind to consume resources and crash, resulting in a denial of service.

9 December 2014

USN-2436-1: X.Org X server vulnerabilities

Ilja van Sprundel discovered a multitude of security issues in the X.Org X server. An attacker able to connect to an X server, either locally or remotely, could use these issues to cause the X server to crash or execute arbitrary code resulting in possible privilege escalation.

9 December 2014

USN-2435-1: Graphviz vulnerability

It was discovered that graphviz incorrectly handled parsing errors. An attacker could use this issue to cause graphviz to crash or possibly execute arbitrary code.

9 December 2014

USN-2434-1: JasPer vulnerability

Jose Duart discovered that JasPer incorrectly handled certain malformed JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user privileges.

8 December 2014

USN-2431-2: MAAS regression

USN-2431-1 fixed vulnerabilities in mod_wsgi. The security update exposed an issue in the MAAS package, causing a regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that mod_wsgi incorrectly handled errors when setting up the working directory and group access rights. A…

4 December 2014

USN-2433-1: tcpdump vulnerabilities

Steffen Bauch discovered that tcpdump incorrectly handled printing OSLR packets. A remote attacker could use this issue to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-8767) Steffen Bauch discovered that tcpdump incorrectly handled printing GeoNet packets. A remote attacker could use this…

4 December 2014

USN-2432-1: GNU C Library vulnerabilities

Siddhesh Poyarekar discovered that the GNU C Library incorrectly handled certain multibyte characters when using the iconv function. An attacker could possibly use this issue to cause applications to crash, resulting in a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. (CVE-2012-6656) Adhemerval Zanella Netto…

3 December 2014

USN-2428-1: Thunderbird vulnerabilities

Gary Kwong, Randell Jesup, Nils Ohlmeier, Jesse Ruderman, and Max Jonas Werner discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code…

3 December 2014

USN-2431-1: mod_wsgi vulnerability

It was discovered that mod_wsgi incorrectly handled errors when setting up the working directory and group access rights. A malicious application could possibly use this issue to cause a local privilege escalation when using daemon mode.

3 December 2014

USN-2424-1: Firefox vulnerabilities

Gary Kwong, Randell Jesup, Nils Ohlmeier, Jesse Ruderman, Max Jonas Werner, Christian Holler, Jon Coppeard, Eric Rahm, Byron Campen, Eric Rescorla, and Xidorn Quan discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of…

2 December 2014

USN-2430-1: OpenVPN vulnerability

Dragana Damjanovic discovered that OpenVPN incorrectly handled certain control channel packets. An authenticated attacker could use this issue to cause an OpenVPN server to crash, resulting in a denial of service.

2 December 2014

USN-2429-1: ppp vulnerability

It was discovered that ppp incorrectly handled certain options files. A local attacker could possibly use this issue to escalate privileges.

1 December 2014

USN-2427-1: Libksba vulnerability

Hanno Böck discovered that Libksba incorrectly handled certain S/MIME messages or ECC based OpenPGP data. An attacker could use this issue to cause Libksba to crash, resulting in a denial of service, or possibly execute arbitrary code.

27 November 2014

USN-2426-1: FLAC vulnerabilities

Michele Spagnuolo discovered that FLAC incorrectly handled certain malformed audio files. An attacker could use this issue to cause FLAC to crash, resulting in a denial of service, or possibly execute arbitrary code.

27 November 2014

USN-2425-1: DBus vulnerability

It was discovered that DBus incorrectly handled a large number of file descriptor messages. A local attacker could use this issue to cause DBus to stop responding, resulting in a denial of service. (CVE-2014-7824)

27 November 2014

USN-2423-1: ClamAV vulnerabilities

Kurt Seifried discovered that ClamAV incorrectly handled certain JavaScript files. An attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2013-6497) Damien Millescamp discovered that ClamAV incorrectly handled certain PE files. An attacker could possibly use…

26 November 2014

USN-2422-1: Squid vulnerabilities

Sebastian Krahmer discovered that the Squid pinger incorrectly handled certain malformed ICMP packets. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service.

25 November 2014

USN-2421-1: Linux kernel vulnerabilities

A flaw was discovered in how the Linux kernel’s KVM (Kernel Virtual Machine) subsystem handles the CR4 control register at VM entry on Intel processors. A local host OS user can exploit this to cause a denial of service (kill arbitrary processes, or system disruption) by leveraging /dev/kvm access. (CVE-2014-3690) Don Bailey discovered a flaw in…

25 November 2014

USN-2412-1: Ruby vulnerability

Tomas Hoger discovered that Ruby incorrectly handled XML entity expansion. An attacker could use this flaw to cause Ruby to consume large amounts of resources, resulting in a denial of service.

20 November 2014

USN-2410-1: Oxide vulnerabilities

A buffer overflow was discovered in Skia. If a user were tricked in to opening a specially crafted website, an attacked could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-7904) Multiple use-after-frees were discovered in Blink. If…

19 November 2014

USN-2411-1: mountall vulnerability

Saurav Sengupta discovered that mountall incorrectly handled umask when calling the mount utility, resulting in certain filesystems possibly being mounted with incorrect permissions.

18 November 2014

USN-2409-1: QEMU vulnerabilities

Laszlo Ersek discovered that QEMU incorrectly handled memory in the vga device. A malicious guest could possibly use this issue to read arbitrary host memory. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2014-3615) Xavier Mehrenberger and Stephane Duverger discovered that QEMU incorrectly handled certain udp packets when using…

13 November 2014

USN-2404-1: libvirt vulnerabilities

Pavel Hrdina discovered that libvirt incorrectly handled locking when processing the virConnectListAllDomains command. An attacker could use this issue to cause libvirtd to hang, resulting in a denial of service. (CVE-2014-3657) Eric Blake discovered that libvirt incorrectly handled permissions when processing the qemuDomainFormatXML command. An…

11 November 2014

USN-2403-1: GnuTLS vulnerability

Sean Burford discovered that GnuTLS incorrectly handled printing certain elliptic curve parameters. A malicious remote server or client could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code.

11 November 2014

USN-2399-1: curl vulnerability

Symeon Paraschoudis discovered that curl incorrectly handled memory when being used with CURLOPT_COPYPOSTFIELDS and curl_easy_duphandle(). This may result in sensitive data being incorrectly sent to the remote server.

10 November 2014

USN-2398-1: LibreOffice vulnerability

It was discovered that LibreOffice incorrectly handled the Impress remote control port. An attacker could possibly use this issue to cause Impress to crash, resulting in a denial of service, or possibly execute arbitrary code.

5 November 2014

USN-2397-1: Ruby vulnerabilities

Will Wood discovered that Ruby incorrectly handled the encodes() function. An attacker could possibly use this issue to cause Ruby to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service. (CVE-2014-4975) Willis…

4 November 2014

USN-2396-1: Linux kernel vulnerabilities

Nadav Amit reported that the KVM (Kernel Virtual Machine) mishandles noncanonical addresses when emulating instructions that change the rip (Instruction Pointer). A guest user with access to I/O or the MMIO can use this flaw to cause a denial of service (system crash) of the guest. (CVE-2014-3647) A flaw was discovered with the handling of the…

31 October 2014

USN-2393-1: Wget vulnerability

HD Moore discovered that Wget contained a path traversal vulnerability when downloading symlinks using FTP. A malicious remote FTP server or a man in the middle could use this issue to cause Wget to overwrite arbitrary files, possibly leading to arbitrary code execution.

30 October 2014

USN-2392-1: systemd-shim vulnerability

It was discovered that systemd-shim incorrectly shipped with a debugging clause enabled. A local attacker could possibly use this issue to cause a denial of service.

30 October 2014

USN-2391-1: php5 vulnerabilities

Symeon Paraschoudis discovered that PHP incorrectly handled the mkgmtime function. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2014-3668) Symeon Paraschoudis discovered that PHP incorrectly handled unserializing objects. A remote attacker could possibly use this issue to cause PHP…

30 October 2014

USN-2390-1: Pidgin vulnerabilities

Jacob Appelbaum and an anonymous person discovered that Pidgin incorrectly handled certificate validation. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2014-3694) Yves Younan and Richard Johnson discovered that Pidgin incorrectly handled certain…

28 October 2014

USN-2388-2: OpenJDK 7 vulnerabilities

USN-2388-1 fixed vulnerabilities in OpenJDK 7 for Ubuntu 14.04 LTS. This update provides the corresponding updates for Ubuntu 14.10. Original advisory details: A vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to expose sensitive data over the network….

23 October 2014